UMD Researchers Present Paper on Innovative Work for Ensuring Integrity in Cloud-Hosted Databases

Thu Oct 08, 2015

University of Maryland researchers are set to present their findings on innovative technology they have developed to verify the integrity and completeness of important data stored by users or corporations in the cloud.

A paper they co-authored, “IntegriDB: Verifiable SQL for Outsourced Databases,” describes a cryptographic protocol they developed that ensures accuracy of the results returned by cloud-hosted Structured Query Language (SQL) databases, and also detects any attempt at providing an incorrect result.

The technology, called IntegriDB, works by building an authenticated data structure on top of the original data and having the data owner publish a short public key that depends on the original data, says Katz, a professor of computer science and director of the Maryland Cybersecurity Center (MC2) on the UMD campus.

When returning the answer to some SQL query made by a client, Katz says, the cloud server uses the authenticated data structure to compute a short proof that is sent back to the client along with the result. The client can then verify the correctness of the result against the original public key.

With the advent of cloud computing, there has been significant interest in developing techniques for ensuring the accuracy of computations performed by an untrusted server on behalf of a data owner, says Papamanthou, an assistant professor of electrical and computer engineering who is also in MC2.

IntegriDB outperforms state-of-the-art verifiable database systems in terms of its expressiveness, performance and scalability, he says, adding that the UMD researchers have tested the technology on database tables with up to six million rows.

“We are the first to design efficient cryptographic algorithms and implement them in a system that provides fast verification of most common SQL queries that are executed remotely in a cloud setting,” Papamanthou says. “Our verification algorithms take milliseconds to accept or reject an answer, irrespective of the time it takes to answer the SQL queries.”

The paper will be presented at ACM CCS, one of the leading conferences on computer security, by Zhang, a third-year doctoral student in electrical and computer engineering.

The team’s research was sponsored in part by a National Science Foundation award, the U.S. Army Research Laboratory, and the U.K. Ministry of Defence.